Kicksecure / apparmor-profile-torbrowser

AppArmor profile for The Tor Browser Bundle (TBB) - https://www.whonix.org/wiki/AppArmor - for better security (hardening).
https://www.whonix.org/wiki/Impressum

Removes unnecessary capabilities. #6

Closed madaidan closed 5 years ago

madaidan commented 5 years ago

Removes some unnecessary and extensive capabilities.

gcp commented 4 years ago

For future reference, please see this discussion to understand why removing these capabilities actually makes things less secure: https://groups.google.com/forum/#!topic/mozilla.dev.platform/UK4nm7MtTxQ

adrelanos commented 4 years ago

git master https://github.com/Whonix/apparmor-profile-torbrowser/blob/master/etc/apparmor.d/home.tor-browser.firefox

    ## Why does the Tor Browser AppArmor profile have sys_admin, sys_chroot and ptrace capabilities?
    ## https://forums.whonix.org/t/why-does-the-tor-browser-apparmor-profile-have-sys-admin-sys-chroot-and-ptrace-capabilities
    capability sys_admin,
    capability sys_chroot,
    capability sys_ptrace,

Looks alright?

gcp commented 4 years ago

Yes, it got re-added in a later reversal. I wanted to leave a link to the explanation so people who wonder about it can more easily find an authoritative source when searching.
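
A regression check for the capabilities discussed in this thread, as an added example that is not part of the original thread or the project's code: it parses AppArmor `capability` rules from profile text and reports which of `sys_admin`, `sys_chroot` and `sys_ptrace` are not granted. The sample profiles, the profile name and the function name are constructed for illustration, and `#include` files are not expanded.

```python
import re

# Capabilities shown in the profile lines quoted in the thread.
REQUIRED = {"sys_admin", "sys_chroot", "sys_ptrace"}

# One capability rule: optional qualifiers, "capability", optional names, comma.
RULE = re.compile(r"^\s*((?:(?:audit|allow|deny)\s+)*)capability\b([^,]*),")

def missing_capabilities(profile_text, required=REQUIRED):
    """Return the required capabilities the profile text does not grant."""
    allowed, denied = set(), set()
    allow_all = deny_all = False
    for line in profile_text.splitlines():
        line = line.split("#", 1)[0]            # drop comments
        match = RULE.match(line)
        if not match:
            continue
        qualifiers, names = match.group(1).split(), match.group(2).split()
        if "deny" in qualifiers:
            denied.update(names)
            deny_all = deny_all or not names    # bare "deny capability," denies all
        else:
            allowed.update(names)
            allow_all = allow_all or not names  # bare "capability," grants all
    if deny_all:
        return sorted(required)
    granted = {c for c in required if allow_all or c in allowed} - denied
    return sorted(set(required) - granted)

# Constructed sample profiles (hypothetical profile name, not the project's file).
WITH_CAPS = """
profile example_browser {
  ## note: sys_admin, sys_chroot and ptrace are discussed upstream
  capability sys_admin,
  capability sys_chroot,
  capability sys_ptrace,
}
"""
WITHOUT_CAPS = """
profile example_browser {
  # capability sys_admin,
  deny capability sys_ptrace,
}
"""

if __name__ == "__main__":
    for label, text in (("with", WITH_CAPS), ("without", WITHOUT_CAPS)):
        print(label, "-> missing:", missing_capabilities(text) or "none")
```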